A method for controlling access to a shared secret
includes methods (300, 400) for enrolling and disenrolling
shareholders of the shared secret. The methods (300, 400)
include steps which allow each shareholder to retain fixed
shares associated with the shared secret while preserving
the integrity of the shared secret. A method (500) for
recovering the shared secret includes a step of computing
(508) split shares for shareholders given a fixed share and
a transmogrifier key associated with each. The fixed shares
and transmogrifier keys are combined (510) for recovering
the split shares which are further used when recovering the
shared secret.
METHOD FOR CONTROLLING ACCESS TO A SHARED SECRET

Field of the Invention 

This invention relates in general to a method for controlling access to a
shared secret, and more specifically, to enrolling and disenrolling shareholders of the
shared secret, and recovering the shared secret by combining shares associated with
shareholders.

Background of the Invention

Current methods for enrolling new shareholders in a generalized secret
sharing scheme (SSS) typically require new "fixed shares" to be assigned to
previously enrolled shareholders. A problem with such SSS schemes is that when a new
shareholder is enrolled, it may be inconvenient, impractical, or impossible to provide
an existing shareholder with a new fixed share. For example, when existing
shareholder S A is a member of two groups of shareholders, and each group is capable
of recovering a split share of a shared secret, current methods for enrolling a new
shareholder typically require that shareholder S A receive a new fixed share. When
unavailable to receive a new fixed share, shareholder S A is effectively disenrolled
from both groups of shareholders.

Likewise, methods for disenrolling a shareholder typically require that when 
a shareholder is removed from a group of shareholders, the remaining shareholders 
receive new fixed shares associated with a shared secret. 

Another problem with existing methods arises when recovering a shared
secret. Typical systems fail to "decouple" fixed shares associated with a shareholder
when the shareholder no longer needs access to the shared secret. In other words,
once a shareholder is associated with a fixed share, the shareholder has an ability to
recover, at least in cooperation with other shareholders, the shared secret.

Thus, what is needed is a method for enrolling a shareholder as one of an
existing group of shareholders while allowing the existing group of shareholders to
retain fixed shares associated with a shared secret. What is also needed is a method
for disenrolling a shareholder as one of a group of shareholders while allowing the
group of shareholders, less the disenrolled shareholder, to retain fixed shares
associated with a shared secret. What is also needed is a method for recovering a
shared secret that decouples shareholders from the shared secret.



6/6/2007, EAST Version: 2.1.0.14 



WO 00/45245 



PCT/US99/31053



Brief Description of the Drawings 

The invention is pointed out with particularity in the appended claims. 
However, a more complete understanding of the present invention may be derived by 
referring to the detailed description and claims when considered in connection with 
the figures, wherein like reference numbers refer to similar items throughout the 
figures and: 

FIG. 1 shows a simplified block diagram of a system for controlling access to 
a shared secret in accordance with a preferred embodiment of the present invention; 

FIG. 2 shows a simplified block diagram of a hierarchical secret sharing 
system for controlling access to a shared secret in accordance with a preferred 
embodiment of the present invention; 

FIG. 3 shows a simplified flowchart of a method for enrolling a shareholder 
in accordance with a preferred embodiment of the present invention; 

FIG. 4 shows a simplified flowchart of a method for disenrolling a 
shareholder in accordance with a preferred embodiment of the present invention; and 

FIG. 5 shows a simplified flowchart of a method for recovering a secret in 
accordance with a preferred embodiment of the present invention. 

The exemplification set out herein illustrates a preferred embodiment of the 
invention in one form thereof, and such exemplification is not intended to be 
construed as limiting in any manner. 
Detailed Description of the Preferred Embodiment

The present invention provides, among other things, a method for enrolling 
and a method for disenrolling shareholders of a shared secret. The enrollment and 
disenrollment methods allow each shareholder to retain fixed shares associated with 
the shared secret when adding and removing shareholders. The integrity of the 
shared secret is preserved even though shareholders retain the fixed shares. The 
present invention also provides a method for decoupling a shareholder from a shared 
secret when recovering the shared secret. 

A shareholder is defined herein to mean a person, a secure identification (ID) 
card, a FORTEZZA card, a smart card, a credit card, a debit card, a cellular 
telephone, a satellite phone, a pager, a radio, a satellite, a security device, a 
computer, a peripheral device, a personal digital assistant, etc., capable of storing and 
recalling a fixed share, such as, for example, a security token, a password, a pin 
number, a cryptographic key, a digital signature, a share of a shared secret, a shared 
secret, etc. A group of shareholders is defined herein to mean a collection of 
individual shareholders as described above. Preferably, groups of shareholders are 
comprised of a combination of similar types of shareholders, however the present 
invention may include a combination of different types of shareholders (e.g., a 
satellite phone and a satellite). 

A shared secret is defined herein to mean a piece of information that may be 
split into pieces of information (e.g., shares) to be distributed to shareholders. In 
accordance with a preferred embodiment of the present invention, no share reveals 
the shared secret or any part of any other share with regard to the shared secret. A 
secret sharing scheme splits a shared secret into shares, and recombines split shares 
to recover the shared secret. A threshold secret sharing scheme combines at least 
some minimum number of fixed shares to recover a shared secret. In accordance 
with the preferred embodiment of the present invention, a threshold scheme is an
M-of-N scheme, wherein M and N are positive integers and M is less than or equal to N.
Preferably, M represents the minimum number of shares needed to recover the secret, 
and N represents the total number of shares that are distributed. A generalized secret 
sharing (GSS) scheme combines a number of fixed shares to recover a split share, 
and combines a number of split shares to recover a shared secret. In accordance with 
the preferred embodiment of the present invention, in a GSS scheme, two or more 
groups of shareholders' shares can be combined to recover a shared secret.

A split share is defined herein to mean a share that when combined with a
predetermined number of other split shares recovers a shared secret. A fixed share is
defined herein to mean a share stored by and recoverable from a shareholder. In
accordance with the preferred embodiment of the present invention, when a fixed
share is combined with an associated transmogrifier key via a transmogrifier
operation, a split share is recovered. A transmogrifier key is defined herein to mean
a value which is stored by and recoverable from a system element (e.g., a computer,
a programmable logic device, a smart card, etc.). Preferably, the system element also
associates the transmogrifier key with a split share.

A transmogrifier operation is defined herein to mean an operation that is a 
function in a forward direction and a relation in a reverse direction. In other words, 
when a forward transmogrifier operation receives two inputs (e.g., a fixed share and a 
transmogrifier key), a single output is generated (e.g., a split share). However, when 
a reverse transmogrifier operation receives two inputs (e.g., a split share and a fixed 
share) one or more outputs are generated (e.g., transmogrifier key). Preferably, any 
one of the transmogrifier keys may be associated with the fixed share. Examples of 
transmogrifier operations include, for example, addition, subtraction, exclusive-or, 
quadratic equations, cubic equations, elliptic-curve equations, etc. 

FIG. 1 shows a simplified block diagram of a system for controlling access to
a shared secret in accordance with a preferred embodiment of the present invention.
In a preferred embodiment of the present invention, system 100 includes
transmogrifiers 108-110 and share combiner 114. In one preferred embodiment,
transmogrifiers 108-110 and share combiner 114 are implemented as, for example,
software programs executing on a computer. In another preferred embodiment,
transmogrifiers 108-110 and share combiner 114 are implemented in hardware such
as, for example, a programmable logic device. In other embodiments, combinations
of software and hardware may be used to implement transmogrifiers 108-110 and
share combiner 114.

In a preferred embodiment, transmogrifiers 108-110 receive fixed shares
102-104. Transmogrifiers 108-110 perform a transmogrifier operation on inputs of fixed
shares 102-104 and transmogrifier keys 105-107, and generate split shares 111-113.
Share combiner 114 preferably combines split shares 111-113 to generate shared
secret 116. In a preferred embodiment, share combiner 114 combines split shares by
performing a secret sharing scheme.

In a preferred embodiment, each transmogrifier operation performed by
transmogrifiers 108-110 comprises substantially the same (e.g., homogeneous)
operation such as, for example, addition on its respective inputs. In another
embodiment, each transmogrifier operation performed by transmogrifiers 108-110
comprises a unique (e.g., heterogeneous) operation, such as, for example, addition,
subtraction, and exclusive-or. In other words, each of the transmogrifiers shown in
system 100 performs a unique operation on the respective inputs. For example,
transmogrifier 108 performs an addition operation, transmogrifier 109 performs a
subtraction operation, and transmogrifier 110 performs an exclusive-or operation.
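
The transmogrifier definition above (a function forward, a relation in reverse) and the heterogeneous arrangement of FIG. 1 can be made concrete as follows. This is an added example, not code from the patent: the modulus `P`, the `quad` operation (fixed + key^2 mod P, standing in for the "quadratic equations" the text mentions) and all function names are assumptions chosen for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus with P % 4 == 3 (assumption: the page names no modulus)

def _quad_keys(split, fixed):
    """Solve fixed + key^2 = split (mod P) for key; returns 0, 1 or 2 keys."""
    a = (split - fixed) % P
    r = pow(a, (P + 1) // 4, P)      # a square root of a when a is a quadratic residue
    # An empty list means this constructed operation cannot map this fixed share
    # to this split share; both roots, when they exist, are equally usable keys.
    return sorted({r, (P - r) % P}) if r * r % P == a else []

# operation name -> (forward(fixed, key) -> split share,
#                    reverse(split, fixed) -> list of usable keys)
OPS = {
    "add":  (lambda f, k: (f + k) % P,     lambda s, f: [(s - f) % P]),
    "sub":  (lambda f, k: (f - k) % P,     lambda s, f: [(f - s) % P]),
    "xor":  (lambda f, k: f ^ k,           lambda s, f: [s ^ f]),
    "quad": (lambda f, k: (f + k * k) % P, _quad_keys),
}

def transmogrify(op, fixed, key):
    """Forward direction: two inputs, exactly one split share."""
    return OPS[op][0](fixed, key)

def keys_for(op, split, fixed):
    """Reverse direction: every key that maps `fixed` onto `split`."""
    return OPS[op][1](split, fixed)

def heterogeneous_demo():
    """Transmogrifiers 108, 109, 110 use add, sub, xor as in the text above."""
    ops = {108: "add", 109: "sub", 110: "xor"}
    fixed = {t: secrets.randbelow(P) for t in ops}   # never changes below
    results = {}
    for round_no in (1, 2):   # two unrelated sets of split shares, same fixed shares
        split = {t: secrets.randbelow(P) for t in ops}
        keys = {t: keys_for(ops[t], split[t], fixed[t])[0] for t in ops}
        results[round_no] = all(
            transmogrify(ops[t], fixed[t], keys[t]) == split[t] for t in ops
        )
    return results

if __name__ == "__main__":
    print(heterogeneous_demo())
    s = transmogrify("quad", 12345, 678)
    print(keys_for("quad", s, 12345))    # two keys, one split share
```

Only the keys change between the two rounds, which is the property the enrollment and disenrollment methods rely on.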

FIG. 2 shows a simplified block diagram of a hierarchical secret sharing 
system for controlling access to a shared secret in accordance with a preferred 
embodiment of the present invention. In a preferred embodiment of the present 
invention, system 200 generally includes a plurality of system 100 (FIG. 1) elements 
and a share combiner 114. In a preferred embodiment, system 200 includes 
combinations of system 100 elements arranged such that outputs of system 100 
elements generate shared secrets 116. Preferably, shared secrets 116 are input to
share combiner 114 to recover a "high level" shared secret. In another embodiment,
combinations of system 200 elements are arranged such that an output of share
combiner 114 is input to other system 200 elements.

Similar to that for elements in system 100 (FIG. 1), system 200 elements are 
preferably implemented as software programs. In another embodiment, system 200 
elements may be implemented as hardware devices such as, for example, 
programmable logic devices. In another embodiment, system 200 elements may be 
implemented as a combination of hardware and software elements. 

FIG. 3 shows a simplified flowchart of a method for enrolling a shareholder 
in accordance with a preferred embodiment of the present invention. In a preferred 
embodiment, method 300 is performed for enrolling a shareholder as one of a group 
of shareholders of a shared secret. In a preferred embodiment, method 300 is 
performed for enrolling a shareholder in a system implementing a generalized secret 
sharing scheme for a shared secret. In another embodiment, method 300 is 
performed for enrolling a shareholder in a system implementing a threshold sharing 
scheme for a shared secret. In a preferred embodiment, method 300 is performed by 
a system, for example system 200 (FIG. 2), implementing a generalized secret 
sharing scheme. In another embodiment, method 300 is performed by a system, for 
example system 100, implementing a threshold sharing scheme. 

In a preferred embodiment, method 300 is performed for enrolling a 
shareholder as one of a group of shareholders to create a new group of shareholders. 
Each of the group of shareholders retains fixed shares associated with a shared secret 
determined prior to enrolling the shareholder. Preferably, method 300 is 
implemented as a set of steps, for example, steps 302-314. 

In step 302, the shared secret is re-split into a plurality of split shares. In a
preferred embodiment, a method such as, for example, Shamir's secret sharing
scheme is performed to split the shared secret. Preferably, the number of splits is
equivalent to the number of shareholders in the new group of shareholders. In other
embodiments, methods such as, for example, "Blakley's geometric scheme",
"Benaloh-Leichter scheme", "Generalized Secret Sharing and Monotone Functions",
"Brickell-Davenport scheme", and "Ito-Saito-Nishizeki scheme" are also suitable for
splitting the shared secret.

In step 306, at least one of the plurality of split shares is associated with a 
transmogrifier operation for each of the new group of shareholders. In a preferred 
embodiment, a transmogrifier operation is associated with a split share. Preferably, 
each split share is associated with one transmogrifier operation. 

In step 308, a fixed share is determined for the shareholder. In a preferred 
embodiment, a fixed share is generated by a random number generator. In other 
embodiments, other methods of determining a fixed share include, for example, 
selecting a fixed share from a large pool of fixed shares. In yet another embodiment, 
a shareholder may retain a fixed share determined prior to performing step 308. 

In step 310, a transmogrifier key is calculated for each of the new group of
shareholders. In a preferred embodiment, a transmogrifier key is computed by 
determining a value that when combined with a fixed share and operated on by an 
associated transmogrifier operation, generates a split share for each shareholder. 

In step 312, the fixed share is provided to the shareholder. In a preferred
embodiment, the shareholder receives the fixed share determined in step 308. As 
discussed in step 308, a shareholder may retain a fixed share that was previously 
determined. 

In step 314, a check is performed to determine when additional shareholders 
are to be enrolled. In a preferred embodiment, when no additional shareholders are 
to be enrolled, the method ends. Otherwise, step 302 is performed. 

FIG. 4 shows a simplified flowchart of a method for disenrolling a 
shareholder in accordance with a preferred embodiment of the present invention. In 
a preferred embodiment, method 400 is for disenrolling a shareholder as one of a 
group of shareholders of a shared secret. In a preferred embodiment, method 400 is 
for disenrolling a shareholder in a system implementing a generalized secret sharing 
scheme for a shared secret. In another embodiment, method 400 is for disenrolling a 
shareholder in a system implementing a threshold sharing scheme for a shared secret. 
In a preferred embodiment, method 400 is performed by a system, for example 
system 200 (FIG. 2), implementing a generalized secret sharing scheme. In another 
embodiment, method 400 is performed by a system, for example system 100, 
implementing a threshold sharing scheme. 

In a preferred embodiment, method 400 is for disenrolling a shareholder as
one of a group of shareholders to create a new group of shareholders. Each of the
new group of shareholders retains fixed shares associated with a shared secret
determined prior to disenrolling the shareholder. Preferably, method 400 is
implemented as a set of steps, for example, steps 406-412.

In step 406, the shared secret is re-split into a plurality of split shares based 
on the new group of shareholders. In a preferred embodiment, a method such as, for 
example, Shamir's secret sharing scheme is performed to split the shared secret. 
Preferably, the number of splits is equivalent to the number of shareholders in the 
new group of shareholders.

In step 408, at least one of the plurality of shares is associated with a 
transmogrifier operation for each of the new group of shareholders. In a preferred 
embodiment, each split share is associated with one transmogrifier operation. 

In step 410, a transmogrifier key is calculated for each of the new group of 
shareholders. In a preferred embodiment, a transmogrifier key is computed by
determining a value that when combined with a fixed share and operated on by an 
associated transmogrifier operation, generates a split share for each shareholder. 

In step 412, a check is performed to determine when another shareholder is to 
be disenrolled. In a preferred embodiment, when another shareholder is to be 
disenrolled, step 402 is performed. Otherwise, the method ends.

FIG. 5 shows a simplified flowchart of a method for recovering a secret in 
accordance with a preferred embodiment of the present invention. In a preferred 
embodiment, method 500 is performed to recover a shared secret for a system 
implementing a generalized secret sharing scheme. In another embodiment, method 
500 is performed to recover a shared secret for a system implementing a threshold
sharing scheme. 

In a preferred embodiment, method 500 generally includes a set of steps for 
recovering a shared secret. Preferably, shareholders of a shared secret provide fixed 
shares to a transmogrifier operation. The transmogrifier operation combines the 
fixed shares with an associated transmogrifier key to recover a split share. A share
combiner preferably combines the split shares to recover the shared secret. In a 
preferred embodiment, method 500 is implemented as a set of steps, for example, 
steps 502-516. 

In step 502, a fixed share is received from each of a group of shareholders. In
a preferred embodiment, a transmogrifier receives a fixed share from each of the
group of shareholders. In another embodiment, a number of shareholders less than
all the group of shareholders is needed to recover the shared secret. Therefore, in the
other embodiment, the number of fixed shares received in step 502 is less than the
number of shareholders in the group.

In step 504, a transmogrifier key is associated with each of the group of
shareholders. In a preferred embodiment, a transmogrifier key is associated with
each fixed share received in step 502 for each of the group of shareholders.
Preferably, a one-to-one relationship exists between fixed shares and transmogrifier
keys.

In step 508, a split share is computed for each of the group of shareholders. 
In a preferred embodiment, a transmogrifier operation associated with each 
shareholder is performed on the fixed share and the transmogrifier keys determined 
in step 504. Preferably, performing the transmogrifier operation generates a split 
share for each of the shareholders. 

In step 510, the split shares are combined to recover the shared secret. In a 
preferred embodiment, the split shares determined in step 508 are combined to 
recover the shared secret. Preferably, a method such as Shamir's secret sharing 
scheme is performed to combine the split shares. In other embodiments, methods 
such as, for example, "Blakley's geometric scheme", "Benaloh-Leichter scheme",
"Generalized Secret Sharing and Monotone Functions", "Brickell-Davenport 
scheme", and "Ito-Saito-Nishizeki scheme" are also suitable for combining split 
shares to recover a shared secret. 

In step 512, a check is performed to determine when another group of 
shareholders needs to recover a shared secret to further determine access to a high 
level shared secret. In a preferred embodiment, when additional shared secrets need 
to be recovered for further recovering a high level shared secret, step 502 is
performed. Otherwise, step 514 is performed.

In step 514, a check is performed to determine when more than one group of 
shareholders needs to recover a shared secret. In a preferred embodiment, when 
more than one group of shareholders needs to recover a shared secret, for further 
recovering a high level shared secret, step 516 is performed. Otherwise, the method 
ends. 

In step 516, the shared secrets are combined to recover the high level shared
secret. In a preferred embodiment, a step similar to step 510 is performed to
combine shared secrets to recover the high level shared secret. 
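
Methods 300, 400 and 500 described above, worked through as an added Python example that is not part of the patent text. It assumes Shamir's scheme over a prime field, modular addition as the single transmogrifier operation, and that the party performing the re-split holds the shared secret and is handed the members' fixed shares; `rekey`, `recover`, the modulus `P` and the shareholder names are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption: the patent fixes no field)

def shamir_split(secret, m, xs):
    """Split `secret` into one split share per x in `xs`; any m of them recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P for x in xs}

def shamir_combine(points):
    """Lagrange interpolation at x = 0 over GF(P); `points` maps x -> split share."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def rekey(secret, m, fixed):
    """Re-split and compute one transmogrifier key per member (steps 302-310, 406-410).

    `fixed` maps shareholder name -> fixed share and is only read, never changed.
    Returns the key table the system element stores: name -> (x, key).
    """
    names = sorted(fixed)
    split = shamir_split(secret, m, range(1, len(names) + 1))
    # The transmogrifier operation here is addition mod P, so key = split - fixed.
    return {n: (x, (split[x] - fixed[n]) % P) for x, n in enumerate(names, 1)}

def recover(presented, key_table, m):
    """Steps 502-510: look up each key, transmogrify to a split share, combine."""
    if len(presented) < m:
        raise ValueError("fewer than m fixed shares presented")
    points = {}
    for name, fixed_share in presented.items():
        if name not in key_table:
            raise KeyError(f"{name}: no transmogrifier key on file")
        x, key = key_table[name]
        points[x] = (fixed_share + key) % P
    return shamir_combine(points)

def demo():
    secret = secrets.randbelow(P)
    fixed = {n: secrets.randbelow(P) for n in ("alice", "bob", "carol")}
    table_v1 = rekey(secret, 2, fixed)

    # Method 300: enroll dave. Step 308 gives him a fixed share; the others keep theirs.
    fixed["dave"] = secrets.randbelow(P)
    table_v2 = rekey(secret, 2, fixed)

    # Method 400: disenroll bob. He keeps his fixed share but gets no new key.
    remaining = {n: s for n, s in fixed.items() if n != "bob"}
    table_v3 = rekey(secret, 2, remaining)

    pick = lambda *names: {n: fixed[n] for n in names}
    try:
        recover(pick("alice", "bob"), table_v3, 2)
        bob_rejected = False
    except KeyError:
        bob_rejected = True
    return {
        "v1 recovers": recover(pick("alice", "carol"), table_v1, 2) == secret,
        "dave enrolled": recover(pick("bob", "dave"), table_v2, 2) == secret,
        "works without bob": recover(pick("carol", "dave"), table_v3, 2) == secret,
        "bob rejected": bob_rejected,
        # A retained copy of the old table still turns bob's share into a valid
        # split share of the same secret.
        "stale table still works": recover(pick("alice", "bob"), table_v2, 2) == secret,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The last check shows why the system element has to overwrite superseded key tables: a disenrolled shareholder's retained fixed share is harmless only while no old transmogrifier key for it survives.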

Among other things, a method for enrolling and a method for disenrolling 
shareholders of a shared secret have been described. The enrollment and 
disenrollment methods allow each shareholder to retain fixed shares associated with 
the shared secret when adding and removing shareholders, respectively. The 
integrity of the shared secret is preserved even though shareholders retain the fixed
shares. What has also been shown is a method for decoupling a shareholder from a 
shared secret when recovering the shared secret. 

Thus, a method for controlling access to a shared secret has been described
which overcomes specific problems and accomplishes certain advantages relative to
prior art methods and mechanisms. The improvements over known technology are
significant. The inconvenience, impracticality, or impossibility of assigning new
fixed shares to shareholders when adding and removing shareholders is avoided.
Similarly, a shareholder, whether currently one of a group of shareholders or not,
may retain a fixed share of a shared secret without compromising the integrity of the
shared secret.

The foregoing description of the specific embodiments will so fully
reveal the general nature of the invention that others can, by applying current
knowledge, readily modify and/or adapt for various applications such specific
embodiments without departing from the generic concept, and therefore such
adaptations and modifications should and are intended to be comprehended
within the meaning and range of equivalents of the disclosed embodiments.

It is to be understood that the phraseology or terminology employed
herein is for the purpose of description and not of limitation. Accordingly, the
invention is intended to embrace all such alternatives, modifications,
equivalents and variations as fall within the spirit and broad scope of the
appended claims.

CLAIMS

What is claimed is: 

1. A method for enrolling a shareholder as a member of a group of
shareholders to create a new group of shareholders, each of the group of shareholders
retaining fixed shares associated with a shared secret determined prior to enrolling
the shareholder, the shared secret being split into a plurality of split shares based on
the new group of shareholders, the method comprising the steps of:

associating at least one of the plurality of split shares with a transmogrifier
operation for the shareholder;

determining a fixed share for the shareholder;

calculating a transmogrifier key for the shareholder based on the
transmogrifier operation, the at least one split share, and the fixed share; and

providing the fixed share to the shareholder.

2. The method as claimed in claim 1, wherein the calculating step further
includes the step of determining the transmogrifier key by computing a value that
when combined with the fixed share and operated on by the transmogrifier operation,
generates the at least one split share.

3. The method as claimed in claim 1, wherein the determining step includes
the step of generating a random number to compute the fixed share.

4. The method as claimed in claim 1, further comprising the steps of:

associating at least one of the plurality of split shares for each of the group of
shareholders with of a set of transmogrifier operations; and

calculating a transmogrifier key for each of the group of shareholders based
on the at least one of the set of transmogrifier operations, the plurality of split shares,
and the fixed shares.

5. The method as claimed in claim 4, further comprising the steps of:

performing the transmogrifier operation on the fixed shares and associated
transmogrifier keys of each of the new group of shareholders to recover the plurality
of split share associated with each of the new group of shareholders; and

combining the plurality of split shares to recover the shared secret.

6. The method as claimed in claim 4, wherein the set of transmogrifier
operations comprises a set of homogeneous operations.

7. The method as claimed in claim 4, wherein the set of transmogrifier
operations comprises a set of heterogeneous operations.

8. The method as claimed in claim 4, wherein the set of transmogrifier 
operations comprises a first set of homogeneous operations and a second set of 
heterogeneous operations. 

9. A method for disenrolling a shareholder as a member of a group of
shareholders to create a new group of shareholders, each of the new group of
shareholders retaining fixed shares associated with a shared secret determined prior
to disenrolling the shareholder, the method comprising the steps of:

re-splitting the shared secret into a plurality of split shares based on the new
group of shareholders;

associating at least one split share of the plurality of split shares with a
transmogrifier operation for each of the new group of shareholders; and

calculating a transmogrifier key for each of the new group of shareholders
based on the transmogrifier operation, the at least one split share, and at least one of
the fixed shares associated therewith.

10. The method as claimed in claim 9, wherein in the calculating step
further includes the step of determining the transmogrifier key by computing a value
that when combined with the at least one of the fixed shares and operated on by the
transmogrifier operation, generates the at least one split share.

11. The method as claimed in claim 9, wherein the transmogrifier operation
for each of the new group of shareholders comprises a set of homogeneous
operations.

12. The method as claimed in claim 9, wherein the transmogrifier operation
for each of the new group of shareholders comprises a set of heterogeneous
operations.

13. The method as claimed in claim 9, wherein the transmogrifier operation
for each of the new group of shareholders comprises a first set of homogeneous
operations and a second set of heterogeneous operations.

14. A method for recovering a shared secret, the method comprising the
steps of:

receiving a fixed share from each of a group of shareholders;

associating a transmogrifier key with each of the group of shareholders;

computing a split share for each of the group of shareholders based on a
transmogrifier operation, the transmogrifier key, and the fixed share associated
therewith; and

combining the split share for each of the group of shareholders to recover the
shared secret.

15. The method as claimed in claim 14, wherein the combining step
comprises a threshold secret sharing scheme.

16. The method as claimed in claim 14, wherein the combining step
comprises a generalized secret sharing scheme.

17. The method as claimed in claim 14, further comprising the steps of:

checking to determine when another group of shareholders needs to recover
another shared secret to further recover a high level secret; and

combining the shared secret and the another shared secret to recover the high
level secret.



[FIG. 1: block diagram of system 100. Shareholders provide fixed shares 102-104 to transmogrifiers 108-110, which take transmogrifier keys 105-107 and output split shares 111-113 to share combiner 114, producing shared secret 116.]

[FIG. 2: block diagram. Inputs feed combiner systems 100, whose outputs 116 feed share combiner 114, producing the output.]

[FIG. 3: flowchart of the enrollment method, steps 302-314.]

[FIG. 4: flowchart of the disenrollment method, beginning at step 406; the extracted drawing text ends partway through the transmogrifier key calculation box.]